Coverity seems to be complaining that my_pubkey is receiving a value from an external source. It is therefore "tainted", because the program cannot inherently be confident that the data so received are correct or valid. This is a genuine concern that you may simply need to manage. I wouldn't expect using getline() instead of fgets() to change that -- that would be one way to address a different problem involving a different function (gets()).

Coverity is also complaining that you are passing your tainted string to printf()as a format string. This is also a bona fide security concern, and maybe even a simple correct functionality concern. It is a very bad idea to use an externally supplied string as a [f]printf() format string, because such a string may contain printf() field codes. You should instead either provide an explicit format:

fprintf(fp, "%s", my_pubkey)

or use fputs():

fputs(my_pubkey, fp)

Email codedump link for Possible security vulnerability from using fgets() and recommended solution?